How severe is CVE-2019-11202?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2019-11202?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2019-11202

CRITICAL Year: 2019

CVSS v3 Score

9.8

Critical

CVSS v2 Score

7.5

High

Weakness Type

CWE-287

View all →

Vulnerability Description

An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may choose to delete this default admin user. If Rancher is restarted, the default admin user will be recreated with the well-known default password. An attacker could exploit this by logging in with the default admin credentials. This can be mitigated by deactivating the default admin user rather than completing deleting them.

CVE-2007-4043

CRITICAL

CVSS:9.8(Critical)

file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) before 4.6.3 allows remote attackers to bypass authentication via a name parameter ending with a "%00.gif" sequence. NOTE:...

CWE-2872007

CVE-2007-6759

CRITICAL

CVSS:9.8(Critical)

Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.

CWE-2872007

CVE-2007-6760

CRITICAL

CVSS:9.8(Critical)

Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.

CWE-2872007

CVE-2009-2168

CRITICAL

CVSS:9.8(Critical)

cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypas...

CWE-2872009

CVE-2009-2382

CRITICAL

CVSS:9.8(Critical)

admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.

CWE-2872009

CVE-2009-2422

CRITICAL

CVSS:9.8(Critical)

The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead o...

CWE-2872009

CVE-2019-11202

Vulnerability Description

Related Vulnerabilities

CVE-2007-4043

CVE-2007-6759

CVE-2007-6760

CVE-2009-2168

CVE-2009-2382

CVE-2009-2422